<?php
/**
 * signin.php 登陆
 * Jack通过该页面登陆到系统
 */
require_once 'setting.php';
require_once 'smarty.php';

require_once ROOTPATH . 'functions.php';

require_once INCLUDESPATH . 'db/User.php';
require_once INCLUDESPATH . 'db/UserDAO.php';

# start the session function
if (!isset($_SESSION)) {
	session_start();
}

$smarty = new MySmarty();

$redirect = 'index.php';

// if the user already logined, jump to the home page
if (isset($_SESSION['user']) || isRememberMe()) {
	header("Location: " . $redirect);
	exit;
}

# if next action is signin
if (isset($_GET['next']) && $_GET['next'] == 'signin') {

	# record current failed login times
	if (!isset($_SESSION['logintimes'])) {
		$_SESSION['logintimes'] = 1;
	} else {
		$_SESSION['logintimes']++;
	}

	# 获得跳转链接
	if (isset($_GET['redirect'])) {
		if (validRedirectPath($_GET['redirect'])) {
			$redirect = $_GET['redirect'];
		}
	}
	
	# get the user input info
	$username = isset($_POST['username']) ? $_POST['username'] : '';
	$password = isset($_POST['password']) ? $_POST['password'] : '';

	# if login failed more than 3 times, check the input CAPTCHA
	if (isset($_SESSION['logintimes']) && $_SESSION['logintimes'] > 3) {
		# get the input verification
		$verification = isset($_POST['verification']) ?
		strtoupper($_POST['verification']) : '';

		if (validCAPTCHA($verification)) {
			# the user input is not correct
			if ($_SESSION['captcha'] !== $verification) {
				errorHandler("Invalid Verification String", "signin.php?redirect=$redirect");
				exit();
			}
		} else {
			errorHandler("Invalid Verification String", "signin.php?redirect=$redirect");
			exit();
		}
	}

	# all the input is valid
	if ((validUsername($username) || validEmail($username))
	&& validPassword($password)) {
		$user = userExist($username);
		if ($user) {
			if(md5($password) == $user->getPassword()) {
				# save the user info
				$_SESSION['user'] = $user;
				$_SESSION['username'] = $user->getUsername();
				# delete the logintimes in the session
				unset($_SESSION['logintimes']);
				# manage cookies
				if (isset($_POST['rememberme'])) {
					setcookie("username", $user->getUsername(), time() + $cookielife, "/");
					setcookie("password", $user->getPassword(), time() + $cookielife, "/");
				}
				# go to the home page
				header("Location: " . $redirect);
			} else {
				errorHandler("Wrong password.", "signin.php?redirect=$redirect");
				exit();
			}
		} else {
			errorHandler("This user doesn't exist.", "signin.php?redirect=$redirect");
			exit();
		}
	}
	# not all the input is valid
	else {
		errorHandler("Invalid username or password.", "signin.php");
		exit();
	}


} else {
	if (isset($_SESSION['errormessage'])) {
		$smarty->assign('errormessage', $_SESSION['errormessage']);
		unset($_SESSION['errormessage']);
	}

	if (isset($_SESSION['username'])) {
		$smarty->assign('username', $_SESSION['username']);
		unset($_SESSION['username']);
	}

	if (isset($_GET['redirect'])) {
		if (validRedirectPath($_GET['redirect'])) {
			$redirect = $_GET['redirect'];
		}
	}
	
	$smarty->assign('title', $pagetitle['signin']);
	$smarty->assign('redirect', '&redirect=' . $redirect);
	$smarty->assign('captcha', 'captcha.php');
	$smarty->display("signin.tpl");
}

# error handler of signin.php
function errorHandler($errormessage, $goto) {
	global $username;
	$_SESSION['errormessage'] = $errormessage;
	$_SESSION['username'] = $username;
	header("Location: " . $goto);
}

?>